[dow3tf] Press clip:Is Whois Data Accuracy Enough?

["GNSO SECRETARIAT" <gnso.secretariat@xxxxxxxxxxxxxx>]

[To: dow3tf@xxxxxxxxxxxxxx]

The Task Force 3 chair, Brian Darville has asked that the following article
be circulated.
GNSO Secretariat


http://www.circleid.com/article.php?id=82_0_1_0/

Is Whois Data Accuracy Enough?

Nov 20, 2002 | From CircleID Privacy Matters

By Rick Wesson

The Whois Task Force of the Domain Name Supporting Organization (DNSO) has
been consulting with registrars over the past few months on the Whois
accuracy issue for law enforcement. The Task Force has enumerated three
primary areas of interest: accuracy, uniformity, and better searching
capabilities. When the registrars met with the Task Force in Shanghai, a
fourth area of interest was also brought forward and advocated by many of
the registrars at the meeting as paramount to the other three areas. This
fourth area of interest was privacy.

Most registrars at the meeting agreed that there are two factors that
encourage registrants to submit false or inaccurate data: (1) a lack of
preventive measures with respect to data mining; and (2) privacy concerns.
Some registrars have registered domains with addresses never used before and
observed the number of times SPAM/UCE (Unsolicited Commercial Email) and
postal mail was received; the empirical data has suggested that the Whois
data was indeed harvested and used for unauthorized purposes.

Most registrants detest SPAM/UCE and postal advertisements they receive from
aggressive marketers using contact information readily available from the
Whois data bank. Hence, proper means of protecting registrants' privacy is
an area ICANN must devote sufficient attention to in order to reduce data
mining and enhance domain owners' confidence. It should also be noted that
all stakeholders, including registrants, are able to voice their opinions to
the Whois Task Force by emailing comments-whois@xxxxxxxx

Accuracy

Accuracy is difficult to define when talking about global addressing. For
instance, is it acceptable to list your cell phone from one country and your
postal address from another when registering a domain name? How about
determining the accuracy of a phone number, given the fact that many
countries define their numbers in varying lengths?

Every element of a registrant's contact information poses a difficult task
for validation. While for a registrar in the UK, local postal code
verification is a simple algorithm, a registrar in the US would need to
consult a database of over 10GB to validate a simple five-digit postal code.
These vastly different addressing verification methods require a significant
engineering effort that many registrars may not be able to cope with. Add in
184 more varying country postal addressing and telephone dialing schemes,
and verification becomes a pie-in-the-sky concept instead of something that
is easily implemented.

Extensible Provisioning Protocol

The Extensible Provisioning Protocol, or EPP, is a product of the IETF
working group called Provisioning Registry Protocol and used by the new gTLD
registries to provision domain names. The protocol is nearly complete and
the IESG is about to call for the protocol to be published as an RFC. One
last item on the working group's list of items to complete is what was
recently proposed as the 'last-verified-date.' The idea behind
'last-verified-date' is that registrars will eventually be able to verify
their registrants' data and date-stamp the day and time the information was
last verified. Given the fact that in October the Whois protocol, and most
likely a significant portion of its data, turned 17 years old, this may
indeed be a good thing!

Registrar Commitment

Whois accuracy is not a new concept to Registrars. Presentations last year
by House Representative Howard Berman in Marina del Rey and his subsequent
statement on The Whois Database: Privacy and Intellectual Property Issues,
certainly educated registrars regarding issues that intellectual property
enforcement agencies have with the Whois data. Registrars have expressed
their commitment to publishing data as accurately as the data can be
collected. Many registrars recently discussed accuracy of the Whois data
with the Federal Trade Commission and other representatives of the law
enforcement and intellectual property communities. Registrars are now
preparing for publishing more accurate information and implementing
techniques to detect and deter fraudulent domain registrations though active
participation with the DNSO's Whois Task Force. However, many registrars
still feel that the main issues that encourage inaccuracies in the
registration process are registrants' attempts to deter their data from
being harvested and used by unscrupulous marketing companies. Registrants'
right to privacy cannot be ignored.

A service called Fraudit that helps registrars identify inaccuracies during
domain name registrations has recently been introduced by Alice's Registry.
The service uses information collected from more than 186 countries to
validate postal codes, email addresses, telephone numbers, and email
deliverability. This evaluation process takes place within seconds through
an automated process and can act as a valuable tool for deterring fraud and
ensuring data accuracy. Many registrars have already started to deploy the
service in order to verify and validate their entire portfolio of domain
registrations.